This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

Resolved! Setting Failed Attempts and Lockout Time

Hello, I would like to set failed attempts and lockout time on my Global Protect auth profile but I do not see where I can set this. The only place I see these settings is in the global profile but I would like to set this only for Global Protect. I am using v 10.2.4-h2 Thanks for any thoughts. MJF

GlobalProtect blocks my internet access

Hi all, I've recently started to use a GlobalProtect vpn, but every time I successfully connect to it, it blocks my internet access. I reached out to our IT departement and a firewall engineer told me he can see that I am connected and that traffic is being allowed from my location, but return traffic from them is timing out after a couple of pa...

IPv6 Traceroute not returning hops before the destination

I have two GlobalProtect installations each configured differently. I can ping and connect to IPv6 destinations just fine. If I run a traceroute to the IPv6 destinations using UDP or ICMP, I do not get the hops before the destination. For example: Tracing route to google.com [2607:f8b0:4005:80d::200e]over a maximum of 30 hops: 1 * * * Request ...

Blank Login Page

Issue occurs both on Windows 10 & 11. Mostly see it on 10 though and when the user is off site. Rarely do we see the issue on site. User tries to connect to GlobalProtect, window pops up and it's blank - can't type in credentials. GP version: 6.0.3 We've tried uninstalling, deleting the files/folder in Program Files (and x86) and in rege...

GP.jpg

Is it possible to host a Global Protect Portal and Gateway on the same outside interface as IPSEC VPNS

I'm trying to set up a global protect gateway on an interface that already has a couple IPSEC VPN tunnels on it. But I am unable to browse to the page to download the client. After some checking I realized that I'm not even able to ping this interface from inside the network or from the public IP of the other PA. If I ping out, then I am getting...

Global Protect authentication happened twice while LDAP and Okta Auth

Recently we moved to PA-3410 software version 11.0.1-h2 from PA-850 software version 10.2.3-h4 . on both firewalls GlobalProtect Agent 6.1.1 We have selected option for authentication override On PortalsGenerate cookie for authentication override on Gateway Accept cookie for authentication override https://supportcases.paloaltonetw...

tthapa23 by L2 Linker
  • 7812 Views
  • 8 replies
  • 0 Likes

"failed to open message queue" error for one user but not others

Greetings all. CentOS 8 user is unable to run globalprotect from the CLI; gets "Cannot connect to local gpd service." The PanGPA process never starts for the user, either automatically or manually. In user's PanGPI.log, the errors are: Info (687): debug thread startsInfo (211): #############Run GPI into prompt mode.###############Error (80): ...

Global Protect

Hi Friends, We have a customer who is using global protect. Two HIP profiles are configured for two different groups. One for AD users and one for Local users. The requirement is if local user tries to login he should get the hip profile banner set up for local user If the ad user login he should get the hip profile banner that is setup for A...

MFA on PAN-OS Firewall (okta integrated) redirects on GP instead of browser for HTTP resources.

I have MFA deployed on the firewall ( okta integrated), based on implementation if user is accessing http/https based resources then redirect will happen in Browser however, for non-http applications MFA will prompt on GP client App, Please note port 4501 added into the system's firewall rule. I have an issue where users are seeing some incons...

GlobalProtect Web Portal - Domain Validation Code (DVC) - /.well-known/pki-validation

Does anyone know how to go about performing domain validation for an IP address for the GlobalProtect Portal? This is a standard supported by most Certificate providers but I can't find anything about it when searching Palo Alto's site. With this tunnelcrack vulnerability and the need to use an IP address in the SAN of a publicly signed cert,...

Resolved! GlobalProtect issues after updating firewall version to 10.2.3

Hi Team The customer recently updated one of their firewalls to version 10.2.3 and now when we try to connect to the GlobalProtect client on the end user's machines, we are prompted twice to sign in. The monitoring tab gives a failure with "Authentication failed: empty password". Adding to this, we use Cisco Duo for MFA and we are prompted twi...

GP 6.0.6 - Cookie expired only from mobile phone

Hi, we have PA-850 and we deployed GP 6.0.7 for desktops and 6.0.6 version for mobile phones. The authentication is based on SAML via Azure and every connection from desktops works flawlessly. Recently we started receiving complaints from users that the VPN stopped working on phones, they received an XML saying Access Denied (attached). Looking ...

Group Login condition Azure Groups

Hi, We are using our on prem LDAP to fetch groups on the Palo. For GP authentication as well, we are using group in 1) GP Portal > Agent > Config Selection Criteria > User/User Group 2) GP Gateway > Agent > Client Settings > Config Selection Criteria This works well with on prem LDAP. Now we are trialling out SAML with Azure...

  • 2069 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks